Rebug PSN exploit "known for years"

A well-placed source within Sony has told Eurogamer that a PlayStation 3 security exploit used to steal content from the PlayStation Store was known about within the company "for years" prior to the recent PSN outage, although the two events were not linked.

"The security flaw that allowed the Rebug content exploit was known for years," the source explained. It was "unaddressed based on the belief that the PS3 system itself was unhackable".

Rebug is a custom firmware for PlayStation 3 that uses a series of system software patches to re-enable functionality that should only be available to debug versions of the console, including access to the so-called 'sp-int' developer network, used to road-test online functionality during a game's production.

The developer network allows legitimate developers to use placeholder credit card details to purchase content from the consumer-facing PlayStation Store for testing purposes, but hackers used it to steal content, effectively defrauding Sony and content creators.

The source suggested that the exploit was not considered an issue for as long as the PlayStation 3's firmware itself could not be tampered with.

The release of PSJailbreak last year changed that, but despite knowledge of the issue it was not addressed by Sony's engineers until the emergence of the Rebug firmware many months later.

While damaging, it's important to note that this security hole was completely separate from the breach that caused Sony to suspend the PlayStation Network in late April this year.

However, it is understood the Rebug exploit will also be fixed by the current maintenance work, which sees PSN's security infrastructure being rebuilt from the ground up, and which remains ongoing.

Bertie is a senior staff writer, which doesn't mean he's old, although he is, a bit. He's part of the furniture here and reports on all kinds of things, the stranger the better. He's a bit odd but then who isn't? @Clert on Twitter.